Subject: Re: Periodic Coverity Scan

Re: Periodic Coverity Scan

From: Jakub Hrozek <jhrozek_at_redhat.com>
Date: Sat, 1 Nov 2014 16:05:48 +0100

On Fri, Sep 19, 2014 at 10:55:46AM +0100, David Drysdale wrote:
> On Thu, Sep 18, 2014 at 6:17 PM, Jakub Hrozek <jhrozek_at_redhat.com> wrote:
>
> > On Thu, Sep 18, 2014 at 12:13:36AM +0200, Daniel Stenberg wrote:
> > > On Wed, 17 Sep 2014, Jakub Hrozek wrote:
> > >
> > > >FWIW, we scan all packages in RHEL with Coverity, but mostly look at
> > diffs
> > > >between versions -- which already found some bugs. I'm not sure if
> > anyone
> > > >did a full review of all the messages Coverity would spit out..
> > >
> > > Oh, this made me realize my daily clang-analyzer job wasn't actually
> > running
> > > on c-ares lately but I've activated it again now and its reports can be
> > seen
> > > here:
> > >
> > > http://c-ares.haxx.se/scans/
> >
> > cool!
> >
> > In general my experience is that Coverity and clang sometimes find
> > different issues, so it's good to run both.
> >
> > >
> > > It looks like we have small issues to work on.
> >
> > My take:
> >
> > 1) Dead store Dead increment ares_init.c:1398
> > This seems like a false positive. I wonder if clang would
> > be happier if we moved "lenv *= 2;" after the realloc check? But that
> > would make the code less readable in my opinion.
> >
>
> I thought that was a true positive, although it indicates a slightly
> different bug -- the loop is WHILE_FALSE so the continue statement after
> doubling the length won't go round it again. Maybe the loop should be
> "while (res != 0);" or somesuch?

Sorry for the month-long delay.

Yes, that sounds like a better solution..I'll ack (after testing!) a
patch if you can prepare one..

Do the two small fixes I sent earlier look OK to you?
Received on 2014-11-01